AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,418 Commits 6 Branches 15 Tags 166 MiB
Commit Graph

238 Commits

Author SHA1 Message Date
Marcus Hill 61777116a9 CSRF Token 
Upon login, issue the user a CSRF token (in their session). This token should be provided when completing sensitive actions (e.g. deleting companies/clients, changing their password, etc.)

Ref: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern
 2022-05-01 18:43:53 +01:00
Marcus Hill 6f4a2d0385 Tidy 2022-04-24 11:50:27 +01:00
wrongecho 6091d373bc
Remove redundant jump/return 2022-04-16 12:13:18 +01:00
Marcus Hill ca629801af Change all "AND" / "OR" to && / || 2022-04-14 18:40:51 +01:00
Marcus Hill a3ca268fcf Small code cleanups 2022-04-14 07:54:40 +01:00
Marcus Hill be70883551 Refactor WHOIS lookups to use hosted heroku app 2022-04-02 12:19:35 +01:00
Joe Clark 9a04ff5341 Check if path exists before attempting to remove 2022-03-22 13:06:39 -07:00
Marcus Hill e09ea58bd4 Default get_ip to REMOTE_ADDR, option to set it to 2022-03-20 07:51:42 +00:00
johnnyq a9346845ab Refactored Currency Display using PHP numfmt_format_currency() function as this is best practice and will put the right currency symbol in the right place based off locale and currency type 2022-02-17 22:20:59 -05:00
Marcus Hill c8c26562f5 Adjust cookie setting to samesite none for encryption session key 2022-01-15 22:25:49 +00:00
Marcus Hill 2a4d42de09 Encryption changes 2022-01-11 20:42:46 +00:00
Marcus Hill 0382dbbfb2 Small change re https 2022-01-11 20:14:29 +00:00
Marcus Hill 2742410e4b http/https encryption cookie 2022-01-11 19:44:21 +00:00
Marcus Hill 951b03f712 Allow for encryption scheme upgrade 2022-01-11 14:03:34 +00:00
Marcus Hill bbe689fb33 Remove comments as this is complete 2022-01-11 00:40:15 +00:00
Marcus Hill aac50bdfdb More changes re encryption 2022-01-10 22:55:08 +00:00
Marcus Hill 49d895040a Add per-user password encryption using master key 2022-01-10 22:07:26 +00:00
johnnyq cf3c0a6410 Fixed a vulnerability in the setup.php file and other code cleanups. Thanks to the person that wishes to remain anonymous for reporting and providing a patch Also added a notice to readme to not use this web app during beta for production use 2022-01-01 17:02:31 -05:00
johnnyq 33400894d5 Updates and Fixings to Audit Logs, added client tag selection for mass email campaigns 2021-12-28 18:16:54 -05:00
johnnyq 997b07c822 Temp Removed Session User agent login vars from functions as its breaking Setup.php because of the reliance on an active mysql connection 2021-12-22 13:20:22 -05:00
johnnyq 4604280efe This Update will break your login as we updated the password hash from MD5 to a salted hash using hash_password and password_verify techniques, fixed an unauthenticated persistent XSS Vulnerbility which would affect if someone spoofed their IP with a javascript code and then a logged in read the logs. The flaw was discovered by @bambilol #214 also fixed some other bugs. 2021-12-13 12:21:55 -05:00
johnnyq aaf65db6f3 Renamed MacOS X to just MacOS for user agent detection 2021-12-12 02:01:30 -05:00
johnnyq f02e94d585 Started adding IP and User agent to audit logs, log when a user logs out, Merged logout into post.php 2021-12-09 16:12:57 -05:00
johnnyq cdae4ecfb6 Set Currency Symbols to Company's Default Currentcy Setting 2021-11-19 20:04:03 -05:00
johnnyq 3ca92cd252 Added Truncated Description to Expense listing #203 2021-11-18 17:56:02 -05:00
johnnyq 2e5e1aee52 Phone numbers are all now formatted correctly per their length 2021-09-11 22:41:50 -04:00
johnnyq e9336c1866 Fix Recent Logins Log front not updating due to VAR name 2021-08-31 13:24:33 -04:00
johnnyq cdcd22ae6f Added TOTP Key 2FA Function to client logins 2021-08-18 22:29:22 -04:00
johnnyq f409e22a60 Started adding currency symbols and starting with invoice 2021-08-18 20:41:19 -04:00
johnny@pittpc.com f8166bdc81 Fixed more php errors empty vars updated more ui search headers 2021-02-04 17:42:21 -05:00
johnny@pittpc.com 6e5a65ecb1 Added PHP Truncate Function to functions.php 2020-09-25 17:16:02 -04:00
johnny@pittpc.com 7f3cdd975f Added a no records placeholder to all tables 2019-09-01 21:49:13 -04:00
johnny@pittpc.com 0e451056b4 Added get OS Browser Device and IP functions, added these functions to guest view invoice, also added invoice view alert and other minor fixes 2019-08-28 21:47:40 -04:00
root e247ad4ee4 Implemented 2FA TOTP with Google Authenticator 2019-06-16 22:33:55 -04:00
root 709f88e1ee Added remove directory function 2019-05-27 13:49:13 -04:00
root 889a749d88 Added alert feedback boxes, little ui fixes for quote invoice and recurring added rejected instead of cancelled for quotes, and other little ui cleanups 2019-05-25 21:14:08 -04:00
root b559b58f34 Fixed add invoice, quote, recurring under client area, added alternative contact photo if one is not present using fontawesome stacked circle with contact initials inside 2019-05-18 23:27:15 -04:00
root 1f02a1d287 Quotes fully work now, including PDF, Email, Approval, Cancel, Edit, Copy, Copy to Invoice, also added quote_footer config to settings 2019-05-17 22:43:51 -04:00